One or more aspects relate to the field of secure passcode entry using a mobile device with augmented reality capability. In particular, one or more aspects relate to secure passcode entry using a mobile device for entering the passcode at a terminal.
Wearable devices in the form of headsets, for example Google Glass (Google and Google Glass are trademarks of Google, Inc.), are known which enable an augmented reality (AR) display. Mobile phone devices with a camera may also be used as an augmented reality device by overlaying an augmented reality display on the screen of the mobile phone device.
In AR PIN code security, a PIN entry device needs to be specifically paired with the AR-capable device. This may use traditional pairing, by exchanging some information or holding down a button; however, this is cumbersome for the user.
Current solutions for pairing involve making one device discoverable, selecting that device on the other, and then checking that the confirmation codes match to make sure that no one else is trying to interfere with the pairing. This is quite good for security if users check the codes carefully. In practice, the inconvenience of checking the codes prevents people from checking them and reduces security. This can be a significant problem in a financial situation, where there could be big rewards for attackers.
PIN authentication using AR devices is known in which a random or blank keypad is displayed to a user for entry of a PIN. Due to the pairing of the AR device with a host device of the keypad, the AR device and the host device know the keypad arrangement without this being displayed.
However, there remain security concerns due to the possible interception of data transfer between the host device and the AR device. Also, existing methods require a wireless data transfer communication during the PIN authentication, which limits the applicability of such arrangements.
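The known arrangement described above can be sketched as follows. This is an added example, not code from the original document; the function names, the ten-key layout and the sample PIN are assumptions made for illustration. It shows that presses on a blank keypad expose only key positions to an observer, while anyone who obtains the layout sent between the host and the AR device can decode them, which is the interception concern raised above.

```python
import secrets

DIGITS = "0123456789"

def new_layout():
    """Host side: pick a fresh random keypad arrangement (position -> digit)."""
    layout = list(DIGITS)
    # Fisher-Yates shuffle driven by the OS CSPRNG, one new layout per PIN entry
    for i in range(len(layout) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        layout[i], layout[j] = layout[j], layout[i]
    return "".join(layout)

def positions_pressed(pin, layout):
    """User side: the AR overlay shows `layout`; the user presses blank keys by position."""
    return [layout.index(d) for d in pin]

def decode(positions, layout):
    """Host side, or anyone holding the layout: map pressed positions back to digits."""
    return "".join(layout[p] for p in positions)

def consistent_without_layout(positions, candidate_pin):
    """Observer without the layout: could `candidate_pin` explain the presses?
    True whenever some arrangement maps the observed positions to the candidate,
    i.e. the position/digit pairing is one-to-one. Only the repeat pattern leaks."""
    pos_to_digit, digit_to_pos = {}, {}
    for p, d in zip(positions, candidate_pin):
        if pos_to_digit.setdefault(p, d) != d or digit_to_pos.setdefault(d, p) != p:
            return False
    return True

if __name__ == "__main__":
    layout = new_layout()          # shared only between host and paired AR device
    pin = "4920"                   # constructed sample PIN
    presses = positions_pressed(pin, layout)
    print("presses visible to an onlooker:", presses)
    print("onlooker cannot rule out 1234:", consistent_without_layout(presses, "1234"))
    print("decoded with the layout:", decode(presses, layout))
```

The security of the scheme therefore rests entirely on the confidentiality of the layout while it is transferred between the two devices.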